 /**
  * Builds the adapter-side configuration fragment for the client's credential type.
  *
  * <p>The factory is resolved through the session's provider registry using the
  * client-authenticator type stored on the client, so the returned map is whatever
  * that factory reports for this client.
  *
  * <p>NOTE(review): the provider lookup is cast without a null check, so an unknown
  * authenticator type would surface as a {@code NullPointerException} on the final
  * call; confirm that the caller validates the type before reaching this point.
  * The returned map presumably carries the client's credential settings — treat it
  * as sensitive (do not log it).
  *
  * @param client the client whose authenticator type selects the factory
  * @return the adapter configuration reported by the resolved factory
  */
 private Map<String, Object> getClientCredentialsAdapterConfig(ClientModel client) {
   ClientAuthenticatorFactory factory =
       (ClientAuthenticatorFactory) realmManager.getSession().getKeycloakSessionFactory()
           .getProviderFactory(ClientAuthenticator.class, client.getClientAuthenticatorType());
   return factory.getAdapterConfiguration(client);
 }
  /**
   * Removes a client from the realm and tears down the state that refers to it.
   *
   * <p>When the realm accepts the removal, three cleanups run in order: live user
   * sessions are notified, the persisted-session store is notified, and the client's
   * dedicated service-account user (if one exists) is deleted so no login principal
   * outlives the client it was created for.
   *
   * @param realm the realm that owns the client
   * @param client the client to remove
   * @return {@code true} when the realm removed the client and the cleanups ran,
   *     {@code false} when the realm reported nothing was removed
   */
  public boolean removeClient(RealmModel realm, ClientModel client) {
    boolean removed = realm.removeClient(client.getId());
    if (!removed) {
      return false;
    }

    // In-memory sessions first; the provider may be absent in some deployments.
    UserSessionProvider liveSessions = realmManager.getSession().sessions();
    if (liveSessions != null) {
      liveSessions.onClientRemoved(realm, client);
    }

    // Then the persisted sessions, which are an optional provider as well.
    UserSessionPersisterProvider persistedSessions =
        realmManager.getSession().getProvider(UserSessionPersisterProvider.class);
    if (persistedSessions != null) {
      persistedSessions.onClientRemoved(realm, client);
    }

    // Finally the service-account user that was linked to this client.
    UserModel serviceAccount = realmManager.getSession().users().getServiceAccount(client);
    if (serviceAccount != null) {
      UserManager userManager = new UserManager(realmManager.getSession());
      userManager.removeUser(realm, serviceAccount);
    }

    return true;
  }
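  /**
   * Enables service-account (client-credentials) login for a client.
   *
   * <p>Flips the client's service-accounts flag, creates the dedicated
   * service-account user when it does not exist yet, and registers the three
   * user-session-note claim mappers (client id, client host, client address)
   * that expose the calling client's identity in issued tokens. Each step is
   * idempotent: existing users and mappers are left untouched.
   *
   * @param client the client to enable service accounts for
   */
  public void enableServiceAccount(ClientModel client) {
    client.setServiceAccountsEnabled(true);

    // Add dedicated user for this service account
    if (realmManager.getSession().users().getServiceAccount(client) == null) {
      String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
      logger.debugf("Creating service account user '%s'", username);

      // Don't use federation for service account user: it is created directly in
      // local user storage so an external user federation never owns it.
      UserModel user = realmManager.getSession().userStorage().addUser(client.getRealm(), username);
      user.setEnabled(true);
      // Synthetic placeholder address; the user is never expected to receive mail.
      user.setEmail(username + "@placeholder.org");
      user.setServiceAccountClientLink(client.getId());
    }

    // Protocol mapper to retrieve clientId in access token
    addServiceAccountClaimMapperIfAbsent(
        client,
        ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER,
        ServiceAccountConstants.CLIENT_ID);

    // Protocol mappers to retrieve hostname and IP address of client in access token
    addServiceAccountClaimMapperIfAbsent(
        client,
        ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER,
        ServiceAccountConstants.CLIENT_HOST);
    addServiceAccountClaimMapperIfAbsent(
        client,
        ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER,
        ServiceAccountConstants.CLIENT_ADDRESS);
  }

  /**
   * Registers a user-session-note claim mapper on the client unless a mapper with
   * the same name already exists for the OIDC protocol.
   *
   * <p>The session note and the token claim share the same name, and the trailing
   * positional arguments ({@code "String"}, {@code false}, {@code ""},
   * {@code true}, {@code true}) are passed through unchanged from the original
   * per-mapper calls; see {@code UserSessionNoteMapper#createClaimMapper} for
   * their meaning.
   *
   * @param client the client to add the mapper to
   * @param mapperName name of the protocol mapper to create (also used for the lookup)
   * @param noteAndClaimName name used for both the user-session note and the token claim
   */
  private void addServiceAccountClaimMapperIfAbsent(
      ClientModel client, String mapperName, String noteAndClaimName) {
    if (client.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, mapperName) != null) {
      return;
    }
    logger.debugf(
        "Creating service account protocol mapper '%s' for client '%s'",
        mapperName, client.getClientId());
    ProtocolMapperModel protocolMapper =
        UserSessionNoteMapper.createClaimMapper(
            mapperName, noteAndClaimName, noteAndClaimName, "String", false, "", true, true);
    client.addProtocolMapper(protocolMapper);
  }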